Adobe patches security flaws in Acrobat and Reader

Patches are available to download now.
Written by Danny Palmer, Senior Writer

Adobe has released a set of security updates for Adobe Acrobat and Reader for Windows and Mac, patching vulnerabilities that could allow an attacker to take control of the affected system.

One vulnerability in Adobe Acrobat Reader DC can be exploited for the purposes of arbitrary code execution, Adobe said.

Uncovered by Cisco Talos researcher Aleksandar Nikolic, the vulnerability, tracked as TALOS-2017-0361 / CVE-2017-11263, manifests in the parser, the software component which takes inputs and builds them into data, within the AcroForm parsing functionality used in PDFs.

A specially crafted PDF document could be designed to trigger this vulnerability and lead the parser into an unintended state, allowing an attacker to access or overwrite memory inside the process for the purposes of arbitrary code execution.

The vulnerability would be triggered by a victim opening the malicious file or accessing a malicious webpage.

Adobe has released a software update that addresses the vulnerability, alongside updates for other vulnerabilities rated critical and important that "could potentially allow an attacker to take control of the affected system".

